kyverno/pkg/engine/utils.go

package engine

import (
	"encoding/json"
	"strings"

	"github.com/minio/minio/pkg/wildcard"
	kubepolicy "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"

	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/labels"
)

// ResourceMeetsDescription checks requests kind, name and labels to fit the policy rule
func ResourceMeetsDescription(resourceRaw []byte, description kubepolicy.ResourceDescription, gvk metav1.GroupVersionKind) bool {
	if description.Kind != gvk.Kind {
		return false
	}

	if resourceRaw != nil {
		meta := ParseMetadataFromObject(resourceRaw)
		name := ParseNameFromObject(resourceRaw)

		if description.Name != nil {

			if !wildcard.Match(*description.Name, name) {
				return false
			}
		}

		if description.Selector != nil {
			selector, err := metav1.LabelSelectorAsSelector(description.Selector)

			if err != nil {
				return false
			}

			labelMap := ParseLabelsFromMetadata(meta)

			if !selector.Matches(labelMap) {
				return false
			}

		}
	}
	return true
}

func ParseMetadataFromObject(bytes []byte) map[string]interface{} {
	var objectJSON map[string]interface{}
	json.Unmarshal(bytes, &objectJSON)

	return objectJSON["metadata"].(map[string]interface{})
}

func ParseKindFromObject(bytes []byte) string {
	var objectJSON map[string]interface{}
	json.Unmarshal(bytes, &objectJSON)

	return objectJSON["kind"].(string)
}

func ParseLabelsFromMetadata(meta map[string]interface{}) labels.Set {
	if interfaceMap, ok := meta["labels"].(map[string]interface{}); ok {
		labelMap := make(labels.Set, len(interfaceMap))

		for key, value := range interfaceMap {
			labelMap[key] = value.(string)
		}
		return labelMap
	}
	return nil
}

func ParseNameFromObject(bytes []byte) string {
	var objectJSON map[string]interface{}
	json.Unmarshal(bytes, &objectJSON)

	meta := objectJSON["metadata"].(map[string]interface{})

	if name, ok := meta["name"].(string); ok {
		return name
	}
	return ""
}

func ParseNamespaceFromObject(bytes []byte) string {
	var objectJSON map[string]interface{}
	json.Unmarshal(bytes, &objectJSON)

	meta := objectJSON["metadata"].(map[string]interface{})

	if namespace, ok := meta["namespace"].(string); ok {
		return namespace
	}
	return ""
}

// returns true if policyResourceName is a regexp
func ParseRegexPolicyResourceName(policyResourceName string) (string, bool) {
	regex := strings.Split(policyResourceName, "regex:")
	if len(regex) == 1 {
		return regex[0], false
	}
	return strings.Trim(regex[1], " "), true
}

func GetAnchorsFromMap(anchorsMap map[string]interface{}) map[string]interface{} {
	result := make(map[string]interface{})

	for key, value := range anchorsMap {
		if wrappedWithParentheses(key) {
			result[key] = value
		}
	}

	return result
}
Moved common utils for mutation, validation and generation to pkg/engine/utils 2019-05-15 14:25:32 +03:00			`package engine`
NK-23: Implemented generating of secrets and configmaps after namespace is created. Functions for parsing metadata moved to utils. Changed login of mutation webhook according to last changes. 2019-03-06 13:01:17 +02:00
			`import (`
			`"encoding/json"`
parse regex from policyResourceName 2019-04-30 18:54:08 -07:00			`"strings"`
NK-23: Implemented generating of secrets and configmaps after namespace is created. Functions for parsing metadata moved to utils. Changed login of mutation webhook according to last changes. 2019-03-06 13:01:17 +02:00
Implemented Validation Pattern base. Updated Webhooks registration logic. Updated project for using TLS package 2019-05-14 18:10:25 +03:00			`"github.com/minio/minio/pkg/wildcard"`
rename pkg to kyverno 2019-05-21 11:00:09 -07:00			`kubepolicy "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"`
Moved common utils for mutation, validation and generation to pkg/engine/utils 2019-05-15 14:25:32 +03:00
Implemented Validation Pattern base. Updated Webhooks registration logic. Updated project for using TLS package 2019-05-14 18:10:25 +03:00			`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
NK-23: Implemented generating of secrets and configmaps after namespace is created. Functions for parsing metadata moved to utils. Changed login of mutation webhook according to last changes. 2019-03-06 13:01:17 +02:00			`"k8s.io/apimachinery/pkg/labels"`
			`)`

Fixed issue with validation error messages 2019-05-20 14:48:38 +03:00			`// ResourceMeetsDescription checks requests kind, name and labels to fit the policy rule`
			`func ResourceMeetsDescription(resourceRaw []byte, description kubepolicy.ResourceDescription, gvk metav1.GroupVersionKind) bool {`
Moved common utils for mutation, validation and generation to pkg/engine/utils 2019-05-15 14:25:32 +03:00			`if description.Kind != gvk.Kind {`
Fixed issue with validation error messages 2019-05-20 14:48:38 +03:00			`return false`
Moved common utils for mutation, validation and generation to pkg/engine/utils 2019-05-15 14:25:32 +03:00			`}`

			`if resourceRaw != nil {`
			`meta := ParseMetadataFromObject(resourceRaw)`
			`name := ParseNameFromObject(resourceRaw)`

			`if description.Name != nil {`

			`if !wildcard.Match(*description.Name, name) {`
Fixed issue with validation error messages 2019-05-20 14:48:38 +03:00			`return false`
Moved common utils for mutation, validation and generation to pkg/engine/utils 2019-05-15 14:25:32 +03:00			`}`
			`}`

			`if description.Selector != nil {`
			`selector, err := metav1.LabelSelectorAsSelector(description.Selector)`

			`if err != nil {`
Fixed issue with validation error messages 2019-05-20 14:48:38 +03:00			`return false`
Moved common utils for mutation, validation and generation to pkg/engine/utils 2019-05-15 14:25:32 +03:00			`}`

			`labelMap := ParseLabelsFromMetadata(meta)`

			`if !selector.Matches(labelMap) {`
Fixed issue with validation error messages 2019-05-20 14:48:38 +03:00			`return false`
Moved common utils for mutation, validation and generation to pkg/engine/utils 2019-05-15 14:25:32 +03:00			`}`

			`}`
			`}`
Fixed issue with validation error messages 2019-05-20 14:48:38 +03:00			`return true`
Moved common utils for mutation, validation and generation to pkg/engine/utils 2019-05-15 14:25:32 +03:00			`}`

move webhooks/patches.go webhooks/utils.go to pkg/policymanager/ 2019-05-07 16:50:39 -07:00			`func ParseMetadataFromObject(bytes []byte) map[string]interface{} {`
NK-23: Implemented generating of secrets and configmaps after namespace is created. Functions for parsing metadata moved to utils. Changed login of mutation webhook according to last changes. 2019-03-06 13:01:17 +02:00			`var objectJSON map[string]interface{}`
			`json.Unmarshal(bytes, &objectJSON)`

			`return objectJSON["metadata"].(map[string]interface{})`
			`}`

move webhooks/patches.go webhooks/utils.go to pkg/policymanager/ 2019-05-07 16:50:39 -07:00			`func ParseKindFromObject(bytes []byte) string {`
add violations when patches are not applied 2019-05-01 14:48:50 -07:00			`var objectJSON map[string]interface{}`
			`json.Unmarshal(bytes, &objectJSON)`

			`return objectJSON["kind"].(string)`
			`}`

move webhooks/patches.go webhooks/utils.go to pkg/policymanager/ 2019-05-07 16:50:39 -07:00			`func ParseLabelsFromMetadata(meta map[string]interface{}) labels.Set {`
NK-23: Implemented generating of secrets and configmaps after namespace is created. Functions for parsing metadata moved to utils. Changed login of mutation webhook according to last changes. 2019-03-06 13:01:17 +02:00			`if interfaceMap, ok := meta["labels"].(map[string]interface{}); ok {`
			`labelMap := make(labels.Set, len(interfaceMap))`

			`for key, value := range interfaceMap {`
			`labelMap[key] = value.(string)`
			`}`
			`return labelMap`
			`}`
			`return nil`
			`}`

move webhooks/patches.go webhooks/utils.go to pkg/policymanager/ 2019-05-07 16:50:39 -07:00			`func ParseNameFromObject(bytes []byte) string {`
change util function for retrieving kind, name and namespace from resource RAW 2019-05-02 11:15:23 -07:00			`var objectJSON map[string]interface{}`
			`json.Unmarshal(bytes, &objectJSON)`

			`meta := objectJSON["metadata"].(map[string]interface{})`

NK-23: Implemented generating of secrets and configmaps after namespace is created. Functions for parsing metadata moved to utils. Changed login of mutation webhook according to last changes. 2019-03-06 13:01:17 +02:00			`if name, ok := meta["name"].(string); ok {`
			`return name`
			`}`
			`return ""`
			`}`
NK-31: Implemnted loggin about success to policy. Also fixed showing of error on initialization. 2019-03-21 18:09:58 +02:00
move webhooks/patches.go webhooks/utils.go to pkg/policymanager/ 2019-05-07 16:50:39 -07:00			`func ParseNamespaceFromObject(bytes []byte) string {`
change util function for retrieving kind, name and namespace from resource RAW 2019-05-02 11:15:23 -07:00			`var objectJSON map[string]interface{}`
			`json.Unmarshal(bytes, &objectJSON)`

			`meta := objectJSON["metadata"].(map[string]interface{})`

NK-31: Implemnted loggin about success to policy. Also fixed showing of error on initialization. 2019-03-21 18:09:58 +02:00			`if namespace, ok := meta["namespace"].(string); ok {`
			`return namespace`
			`}`
			`return ""`
			`}`
implement wildcard support 2019-04-30 17:26:50 -07:00
parse regex from policyResourceName 2019-04-30 18:54:08 -07:00			`// returns true if policyResourceName is a regexp`
move webhooks/patches.go webhooks/utils.go to pkg/policymanager/ 2019-05-07 16:50:39 -07:00			`func ParseRegexPolicyResourceName(policyResourceName string) (string, bool) {`
parse regex from policyResourceName 2019-04-30 18:54:08 -07:00			`regex := strings.Split(policyResourceName, "regex:")`
			`if len(regex) == 1 {`
			`return regex[0], false`
			`}`
			`return strings.Trim(regex[1], " "), true`
implement wildcard support 2019-04-30 17:26:50 -07:00			`}`
Implemented base for Mutation Overlay 2019-05-21 18:27:56 +03:00
			`func GetAnchorsFromMap(anchorsMap map[string]interface{}) map[string]interface{} {`
			`result := make(map[string]interface{})`

			`for key, value := range anchorsMap {`
			`if wrappedWithParentheses(key) {`
			`result[key] = value`
			`}`
			`}`

			`return result`
			`}`